Currently been at this for a few hours now and desperately need a fresh set of eyes. When login takes place, a form is loaded to test the encrypted password and username against the database. As it stands, there are no errors showing up in the form when it is run, but when it is run it simply denies the data from the user currently in the database being passed through.
I also receive the final else statement giving me "Access Denied". Any help would be hugely appreciated, just need a fresh set of eyes, thanks a lot. Also, to add, all the $data instances are fields within the database.
    <?php
    $serverName = "localhost";
    $username = "root";
    $password = "";
    $databaseName = "filestackusers";
    $connect = new PDO("mysql:host=$serverName;dbname=$databaseName",$username, $password);
    //encrypt pass and user for search
    if(isset($_POST["username"]) && isset($_POST["password"]))
    {
        $FolderEncryption = md5($_POST['username']);
        $passwordEncryption = md5($_POST['password']);
    }
    else
    {
        echo "information not passed";
    }
    try
    {
        //search if found load info
        $checkSqlStmt = $connect->prepare("SELECT * FROM users WHERE user_folder =
            :FolderEncryption AND password = :passwordEncryption");
        //bind
        $checkSqlStmt->bindParam(':FolderEncryption', $FolderEncryption, PDO::PARAM_STR);
        $checkSqlStmt->bindParam(':passwordEncryption', $passwordEncryption, PDO::PARAM_STR);
        //execute
        $checkSqlStmt->execute();
        $data = $checkSqlStmt -> fetchAll();
    }
    catch (Exception $ex)
    {
        die("An error has occured! " . $ex->getMessage());
    }
    if ($data)
    {
        if($_POST["username"] == $data[0]["username"]) //recheck email security
        {
            echo 'Access Granted';
            $_SESSION['userID'] = $data[0]['user_id'];
            $_SESSION['Username'] = $data[0]['username']; //set sessions
            $_SESSION['Password'] = $data[0]['password'];
            $_SESSION['Email'] = $data[0]['email'];
            $_SESSION['UserFolder'] = $data[0]['user_folder'];
            //load user info
            loadFileInformation();
        }
    }
    else
    {
        echo "Access Denied";
    }
    ?>
You only echo access denied when $data evaluates to false. That can be the case when you don't assign it at all, which happens when you get an exception when executing the query. If there is no exception, fetchAll might still return false in case of an error.
But also, if the query executes correctly but returns no rows, fetchAll() returns an empty array, which also evaluates to false in PHP. (I don't make this stuff up!)
So whichever the case, it is due to the execution of the query.
Chances are that your $data variable is false so your code is echoing "Access Denied". You should set your condition to check that $data equals what you want it to and then proceed.
For example:
    if ($data == "Blah"){
        if($_POST["username"] == $data[0]["username"]) //recheck email security
        {
            //Blah Blah
        }
    }else{echo "Access Denied";}

As opposed to:

    if ($data)
    {
        if($_POST["username"] == $data[0]["username"]) //recheck email security
        {
            //Blah Blah
        }
    }else{echo "Access Denied";} // etc
The point is that your condition should be more precise, whether using fetchAll or whatever.
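An added example, not code from the question or from either answer: it separates the situations the answers above describe (the query failing, the query running but matching no row, and a match) so that "Access Denied" is no longer the only signal. The `memoryDb` and `checkLogin` helpers, the in-memory SQLite database and the sample user are assumptions made for illustration; the table and column names follow the question.

```php
<?php
// Added example: constructed schema and data in in-memory SQLite (needs pdo_sqlite).
// md5() is kept only to mirror the question's columns; PHP's password_hash() and
// password_verify() are the functions intended for storing and checking passwords.
function memoryDb(): PDO
{
    $pdo = new PDO('sqlite::memory:');
    $pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION); // errors throw
    return $pdo;
}

// Hypothetical helper: returns [outcome, row or null] so every failure is distinct.
function checkLogin(PDO $pdo, string $user, string $pass): array
{
    try {
        $stmt = $pdo->prepare('SELECT * FROM users WHERE user_folder = :f AND password = :p');
        $stmt->execute([':f' => md5($user), ':p' => md5($pass)]);
        $rows = $stmt->fetchAll(PDO::FETCH_ASSOC);
    } catch (PDOException $ex) {
        error_log('login query failed: ' . $ex->getMessage()); // detail to the log only
        return ['query_error', null];
    }
    if ($rows === []) {        // query ran, but no row matched both hashes
        return ['no_match', null];
    }
    if (count($rows) > 1) {    // duplicate credentials: refuse instead of guessing
        return ['ambiguous', null];
    }
    return ['ok', $rows[0]];
}

$db = memoryDb();
$db->exec('CREATE TABLE users (user_id INTEGER PRIMARY KEY, username TEXT,
           password TEXT, user_folder TEXT)');
$db->prepare('INSERT INTO users (username, password, user_folder) VALUES (?, ?, ?)')
   ->execute(['alice', md5('s3cret'), md5('alice')]);
$broken = memoryDb();          // constructed failure: this database has no users table

$cases = [
    'exact credentials' => [$db, 'alice', 's3cret'],
    'trailing space'    => [$db, 'alice ', 's3cret'],
    'different case'    => [$db, 'Alice', 's3cret'],
    'missing table'     => [$broken, 'alice', 's3cret'],
];
foreach ($cases as $label => [$conn, $user, $pass]) {
    [$outcome] = checkLogin($conn, $user, $pass);
    printf("%-18s => %s\n", $label, $outcome);
}
```

Because the lookup compares hashes, the submitted username must match the stored one byte for byte; the trailing-space and different-case inputs are there to show how a near-identical value ends up in the same empty-result branch as a wrong password.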